nss-pam-ldapd security advisory (CVE-2013-0288)

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Arthur de Jong <arthur [at] arthurdejong.org>
To: nss-pam-ldapd-announce <nss-pam-ldapd-announce [at] lists.arthurdejong.org>
Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: nss-pam-ldapd security advisory (CVE-2013-0288)
Date: Mon, 18 Feb 2013 18:01:24 +0100

Garth Mollett discovered that a file descriptor overflow issue in the
use of FD_SET() in nss-pam-ldapd can lead to a buffer overflow. An
attacker could, under some circumstances, use this flaw to cause a
process that has the NSS or PAM module loaded to crash or potentially
execute arbitrary code.

This problem affects all releases before 0.7.18 and 0.8.11.

This problem has been assigned CVE-2013-0288.

More details are available at:
http://arthurdejong.org/nss-pam-ldapd/CVE-2013-0288

Users are advised to apply the appropriate patch or upgrade to 0.8.11 or
0.7.18.

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --

-- 
To unsubscribe send an email to
nss-pam-ldapd-announce-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-announce/

nss-pam-ldapd security advisory (CVE-2013-0288), Arthur de Jong

Prev by Date: nss-pam-ldapd moving from Subversion to Git
Next by Date: release 0.9.0 of nss-pam-ldapd
Previous by thread: nss-pam-ldapd moving from Subversion to Git
Next by thread: release 0.9.0 of nss-pam-ldapd